The first SSL_write in my program fails due to a "handshake failure"
when attempting to connect to a particular web server.  I can
connect to and execute HTTP requests against other SSL-capable web
servers with my program, but not this particular one (running
Microsoft-IIS/3.0).

I see a similar result with s_client:

  $ openssl s_client -state -connect webserver.[undisclosed].com:443
  CONNECTED(00000003)
  SSL_connect:before/connect initialization
  SSL_connect:SSLv2/v3 write client hello A
  SSL_connect:SSLv3 read server hello A
  depth=0 /C=US/ST=California/L=[undisclosed]/O=[undisclosed]/OU=Development/CN=webserver.[undisclosed].com
  verify error:num=20:unable to get local issuer certificate
  verify return:1
  depth=0 /C=US/ST=California/L=[undisclosed]/O=[undisclosed]/OU=Development/CN=webserver.[undisclosed].com
  verify error:num=21:unable to verify the first certificate
  verify return:1
  SSL_connect:SSLv3 read server certificate A
  SSL_connect:SSLv3 read server done A
  SSL_connect:SSLv3 write client key exchange A
  SSL_connect:SSLv3 write change cipher spec A
  SSL_connect:SSLv3 write finished A
  SSL_connect:SSLv3 flush data
  SSL_connect:failed in SSLv3 read finished A
  25440:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:224:

Interestingly, the cli.cpp demo (modified) seems to be able to
connect and read the first packet (97 bytes worth of HTTP header).

Another possibly interesting data point is that cli reports RC4-MD5
with this particular server.  So far, this is the only server that
I've seen using this particular cipher.

I get the same result with s_client (and my program) on both FreeBSD
(i386) and AIX (RS/6000).  Is there anything special that needs to
be done in order to talk https with MS-IIS, or to speak RC4-MD5?

-- 
$Id: .signature,v 1.3 1998/03/02 22:18:29 j Exp $


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
